Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4015 | 1 Cisco | 1 Ios | 2012-10-29 | 5.0 MEDIUM | N/A |
| Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300. | |||||
| CVE-2011-3936 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2012-10-29 | 4.3 MEDIUM | N/A |
| The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file. | |||||
| CVE-2011-3295 | 1 Cisco | 1 Ios Xr | 2012-10-29 | 7.8 HIGH | N/A |
| The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888. | |||||
| CVE-2011-2586 | 1 Cisco | 1 Ios | 2012-10-29 | 5.4 MEDIUM | N/A |
| The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249. | |||||
| CVE-2007-4742 | 1 Claroline | 1 Claroline | 2012-10-29 | 4.3 MEDIUM | N/A |
| Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence. | |||||
| CVE-2005-0200 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-23 | 7.5 HIGH | N/A |
| TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. | |||||
| CVE-2006-6168 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2012-10-23 | 7.5 HIGH | N/A |
| tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." | |||||
| CVE-2012-1817 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2012-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file. | |||||
| CVE-2012-4824 | 1 Ibm | 1 Lotus Notes Traveler | 2012-10-08 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter. | |||||
| CVE-2011-4911 | 1 Joomla | 1 Joomla\! | 2012-10-07 | 5.0 MEDIUM | N/A |
| Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. | |||||
| CVE-2012-5234 | 1 Ocportal | 1 Ocportal | 2012-10-01 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. | |||||
| CVE-2012-1103 | 2 Gnu, Notmuchmail | 2 Emacs, Notmuch | 2012-09-25 | 4.3 MEDIUM | N/A |
| emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message. | |||||
| CVE-2012-3691 | 1 Apple | 1 Safari | 2012-09-21 | 5.8 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2011-4962 | 1 Silverstripe | 1 Silverstripe | 2012-09-17 | 6.8 MEDIUM | N/A |
| code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized. | |||||
| CVE-2010-4819 | 1 X | 1 X.org-xserver | 2012-09-12 | 3.6 LOW | N/A |
| The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw." | |||||
| CVE-2012-3572 | 2 Nurul Hidayah Hamazulan, Oscc | 2 Mymesyuarat, Mymeeting | 2012-09-12 | 6.0 MEDIUM | N/A |
| Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document. | |||||
| CVE-2010-4818 | 1 X.org | 1 X.org | 2012-09-06 | 8.5 HIGH | N/A |
| The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c. | |||||
| CVE-2010-5185 | 1 Comodo | 1 Comodo Internet Security | 2012-09-04 | 10.0 HIGH | N/A |
| The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors. | |||||
| CVE-2012-1608 | 1 Typo3 | 1 Typo3 | 2012-09-04 | 5.0 MEDIUM | N/A |
| The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters. | |||||
| CVE-2012-2374 | 1 Tornadoweb | 1 Tornado | 2012-09-04 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input. | |||||